Android devices in U.S. face more malware attacks than PCs

Android devices are now attacked more often by malware than PCs, according to a report released Tuesday by a cyber security software maker.

The 2013 Security Threat Report from Sophos revealed that almost 10 percent of Android devices in the U.S. have experienced a malware attack over a three-month period in 2012, compared to about 6 percent of PCs.

The situation is worse in Australia, where more than 10 percent of Android devices have been attacked by malware, compared with about 8 percent for PCs.

With 52.2 percent of the smartphone market in the United States, Android has become a tempting target, Sophos reported. "Targets this large are difficult for malware authors to resist," the report said. "And they aren’t resisting – attacks against Android are increasing rapidly."

Sophos noted that the most common malware attack on Android involves installing a fake app on a handset and secretly sending expensive messages to premium-rate SMS services.

Cyber criminals have also found ways to subvert two-factor authentication used by financial institutions to protect mobile transactions, according to the report. They do that by planting eavesdropping malware on a handset to obtain the authentication code sent to a phone by a bank to complete a transaction.

During 2012, the report said, hackers showed ambition by attacking more platforms – social networks, cloud services and mobile devices – and nimbleness by rapidly responding to security research findings and leveraging zero-day exploits more effectively.

In addition, hackers attacked thousands of badly configured websites and databases, using them to expose passwords and deliver malware to unsuspecting Internet users, the report noted.

More than 80 percent of all "drive-by" attacks on unsuspecting Web surfers occur at legitimate websites, according to the report.

It explained that attackers hack into legitimate websites and plant code that generates links to a server distributing malware. When a visitor arrives at the legitimate site, their browser will automatically pull down the malicious software along with the legitimate code from the website.

The Sophos report also identified the five riskiest and safest countries in the world for experiencing malware attacks. Hong Kong was the riskiest country, with 23.54 percent of its PCs experiencing a malware attack over a three-month period in 2012. It was followed by Taiwan (21.26 percent), the United Arab Emirates (20.78 percent), Mexico (19.81 percent) and India (17.44 percent).

Norway (1.81 percent) was the safest country against malware attacks, followed by Sweden (2.59 percent), Japan (2.63 percent), the United Kingdom (3.51 percent) and Switzerland (3.81 percent).

"Security really is about more than Microsoft," the report said. "The PC remains the biggest target for malicious code today, yet criminals have created effective fake antivirus attacks for the Mac.

"Malware creators are also targeting mobile devices as we experience a whole new set of operating systems with different security models and attack vectors," it added. "Our efforts must focus on protecting and empowering end users – no matter what platform, device, or operating system they choose."